kolide / launcher

Osquery launcher, autoupdater, and packager
https://kolide.com/launcher

Add JWT signature validation to `kolide_jwt` #1730

Closed Micah-Kolide closed 3 weeks ago

Micah-Kolide commented 1 month ago

I've added JWT signature validation to the kolide_jwt table. This required me to take the kolide_jwt table generation out of the dataflatten table generates, as we've needed to add additional columns to pass in the public key data to the table generate.

There's a lot of ways we could go about this, but currently I've written it to receive a JSON-like string in the form of a hash with key id (kid) -> public key string. I take that JSON string and unmarshal it into a keyMap which I pass off to the JWT parser. The JWT parser uses the keyFunc (JWTKeyFunc) to validate the token string.

I haven't implemented checking the algorithm, but that might be a good thing to consider adding in. How do others feel about this?

I still want to be able to return data when the token is invalid, or if we haven't received any public key data. Therefore I log any error that occurs in this parser step, but I do not early return/continue.

Micah-Kolide commented 1 month ago

I'm really tired, so this'll be short but I wanted to post some results:

```
osquery> SELECT * FROM kolide_jwt WHERE path = '/Users/micahsorenson/Downloads/data.zta' AND signature_key = '{"US-2/v1": ""}';
{"time":"2024-05-30T23:56:23.294204Z","level":"INFO","msg":"err","launcher_run_id":"01HZ5YXHJKTDKP58XVTBMFNTEZ","table":"kolide_jwt","!BADKEY":"token is unverifiable: error while executing keyfunc: error parsing the public key from the PEM block"}
time=2024-05-30T23:56:23.294Z level=INFO source=/Users/micahsorenson/launcher/ee/tables/jwt/table.go:78 msg=err launcher_run_id=01HZ5YXHJKTDKP58XVTBMFNTEZ table=kolide_jwt !BADKEY="token is unverifiable: error while executing keyfunc: error parsing the public key from the PEM block"
      fullkey = verified
       parent =
          key = verified
        value = INVALID
        query = *
         path = /Users/micahsorenson/Downloads/data.zta
signature_key = {"US-2/v1": ""}

osquery> SELECT * FROM kolide_jwt WHERE path = '/Users/micahsorenson/Downloads/data.zta' AND signature_key = '{"US-1/v1": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1lq36T0TGIZet9K5KJf4\nzASFvcSCZkAZjenB4WLJsQOaKJzK44QieUMe868fYD8D4cPo+hbTI3Vozj2G8adu\n3pbKha9JJ8Ob4l+pR+zN9gyuJZ/ZIlm/S/ybkZBJDD2P9i2KHxHfg6en10jyZ40z\nyWu5Yaa8sTrSrURBs5FJxYDyvYY7w2RYR35mn5ZXZaAOFaPBwK2J8bNP0UFrTVr0\n5cyeN4plDy648XiXBB+BWD1PNTSX2o9nylXuVkWY/BWHvjlpunnE18gQOHJu6Mmk\nrbZtcRAVocYV+YIXqwOc2AwtkMLwl8OyI6cPuSy/v68gCv4Nt6EYJ4UJZvlNo++H\nMGsAe0kIUHurmawNd0A4s8wMYQkNSvJReiyuqTZeq+ZYfHmngWHmu0g2D3QimiDC\nQHDWj3yIaG6rlfrmAHeMTckqwv4AGzDq0QEMXmKXUuwXyU3gIV5hu0JyQgxsgybC\nDyZeoEYogHJUfwQZmVzr1T4mdI3irjN+0Y+rVD6mIVsCWu+jjtrHqGg/BfTuGnYc\nvktwtMFyWd9++FUGhriI+RzOqrhgJ0j8KArrzkIPky113mSdIZirmMfTeojGyVtm\nuVQmai7z3YEfCiddgBH5r4H1mJTPydXYzzpo8WqhxeMM592ludGwyOzo7Nv++0/Z\n/O2z/Q5uugXa9XMh946jd0cCAwEAAQ==\n-----END PUBLIC KEY-----\n", "US-2/v1": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuzYd6/byyZ3Oe63mBWTv\ns74onUzPdDz6LAbYwF63dARGn6vtTLll8Q39XxUkT5NyKEqjIbQcDDFE9xVOlrHI\nGWqBV9i2TAg1g0UdDwy1kyVxkwLrkPnVePknlMHuUs+eigHJ4O9NVotdnvOPSANU\nXzJR5repeXO47C0/FdcxYWwsI8UFk143wXZcRq7ZpMkDUBijQmfNGqP6CfFIoLsa\n6u0yMaWc+GYcK9PZsK6YIFAxgtn5UYz1Qb+HzBllXp8bOxNFi/JV2aOFziG1Ou71\n3DyRbsh7+a7J4FPSqil1UXY1E0+mPS8lHNxXcSVqYMQCGdluShYcxU7X9szZJIQq\nBqRZCQSbQb1JSD4j1wirUs+2+hikd4SXpvXzpT6XKdB2Zrk5L4+4EYhxP9GXXsiV\noNSDuaM4Di+bXL6LomhA+jVWPyEZ4JrU3htEb0aj0JOkLx7S18l0aU3W621ytnsN\nlF+BtaOE0UmpsUItORQPt7YbQm7MXS25TlAq595wJn3UzGupU2DYdJ7J4UwHDv3D\nlXD7pIgv786QKANxbS6B7lxlxJSBEMQE7BU3sjNIjjgAVXTYpFLxwzdL9Tk+DvNP\ntG5s+WornQEE0w5laxegMgkjpS20IM1ATQFIXDqt3r0jOU4jsOnbzUMZ/sH82FyG\nWYY+nGpXog0BeaL07JS9N1cCAwEAAQ==\n-----END PUBLIC KEY-----\n", "EU-1/v1": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqtnxZVNB4JddabltcdZ4\nh3MaqncLlT9+4HITJ45G51nv0rSl02DY1YkZCvVDdRVWEY1KLKwIEmXs1gigO8df\n6gwvVrixuLnXV8C3fzcOkK/f3CDZCT349rGhku708qkizUedwrgkGWOqk9WsM7wO\nTgQ9oYxEZl0Z3Bxs9Ht3E59sM691KaalVT87NPOk22nxZBng2EfcnLLmqvm1nAeS\n0fJ5ktoqjIyyTeial1LRZK96iWEZuUXZj72pzfg2kKVzLa0/5crlimXQVmW5cUqe\ni5u0c0qotLkXc2s/ait4y1SHF3+k4Q+ht4s+ziU1jgqoRx+oaY2pTNSsVGWHgenW\nSPeYKRRv3s5iTkdvl6xJ68Ip3EktB53Vw7OJWaIagqGD6Jv+5YMUUFNbt4e9alW1\nsHS1ZfKuphHk4RiH1lVcpJmzlM3XZyh1XtinxDwgH0d3kKyW7mPkmfsaKdgS8ui6\nj5WNqieJWg/Q5ZtBMxzm3wpNjYhgd352EV2BvUiCQ+EhpTw2uU7b9wrIPSM0Y25E\nU/jkIJq+o+gRAUtngM9/fkVDOGqKgzoYOGX7yezKN/6ONsrCAHOI3VZu7YSaAlJN\ncaDdLeevrZIw3oSaibGchXsk6PFJqVG6d7HSej7vv++O47PgwkLyepSHYT0SV+3q\nSWoRysQy6JfMFiy9sF4iKCMCAwEAAQ==\n-----END PUBLIC KEY-----\n"}';
      fullkey = verified
       parent =
          key = verified
        value = VALID
        query = *
         path = /Users/micahsorenson/Downloads/data.zta
signature_key = {"US-1/v1": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1lq36T0TGIZet9K5KJf4\nzASFvcSCZkAZjenB4WLJsQOaKJzK44QieUMe868fYD8D4cPo+hbTI3Vozj2G8adu\n3pbKha9JJ8Ob4l+pR+zN9gyuJZ/ZIlm/S/ybkZBJDD2P9i2KHxHfg6en10jyZ40z\nyWu5Yaa8sTrSrURBs5FJxYDyvYY7w2RYR35mn5ZXZaAOFaPBwK2J8bNP0UFrTVr0\n5cyeN4plDy648XiXBB+BWD1PNTSX2o9nylXuVkWY/BWHvjlpunnE18gQOHJu6Mmk\nrbZtcRAVocYV+YIXqwOc2AwtkMLwl8OyI6cPuSy/v68gCv4Nt6EYJ4UJZvlNo++H\nMGsAe0kIUHurmawNd0A4s8wMYQkNSvJReiyuqTZeq+ZYfHmngWHmu0g2D3QimiDC\nQHDWj3yIaG6rlfrmAHeMTckqwv4AGzDq0QEMXmKXUuwXyU3gIV5hu0JyQgxsgybC\nDyZeoEYogHJUfwQZmVzr1T4mdI3irjN+0Y+rVD6mIVsCWu+jjtrHqGg/BfTuGnYc\nvktwtMFyWd9++FUGhriI+RzOqrhgJ0j8KArrzkIPky113mSdIZirmMfTeojGyVtm\nuVQmai7z3YEfCiddgBH5r4H1mJTPydXYzzpo8WqhxeMM592ludGwyOzo7Nv++0/Z\n/O2z/Q5uugXa9XMh946jd0cCAwEAAQ==\n-----END PUBLIC KEY-----\n", "US-2/v1": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuzYd6/byyZ3Oe63mBWTv\ns74onUzPdDz6LAbYwF63dARGn6vtTLll8Q39XxUkT5NyKEqjIbQcDDFE9xVOlrHI\nGWqBV9i2TAg1g0UdDwy1kyVxkwLrkPnVePknlMHuUs+eigHJ4O9NVotdnvOPSANU\nXzJR5repeXO47C0/FdcxYWwsI8UFk143wXZcRq7ZpMkDUBijQmfNGqP6CfFIoLsa\n6u0yMaWc+GYcK9PZsK6YIFAxgtn5UYz1Qb+HzBllXp8bOxNFi/JV2aOFziG1Ou71\n3DyRbsh7+a7J4FPSqil1UXY1E0+mPS8lHNxXcSVqYMQCGdluShYcxU7X9szZJIQq\nBqRZCQSbQb1JSD4j1wirUs+2+hikd4SXpvXzpT6XKdB2Zrk5L4+4EYhxP9GXXsiV\noNSDuaM4Di+bXL6LomhA+jVWPyEZ4JrU3htEb0aj0JOkLx7S18l0aU3W621ytnsN\nlF+BtaOE0UmpsUItORQPt7YbQm7MXS25TlAq595wJn3UzGupU2DYdJ7J4UwHDv3D\nlXD7pIgv786QKANxbS6B7lxlxJSBEMQE7BU3sjNIjjgAVXTYpFLxwzdL9Tk+DvNP\ntG5s+WornQEE0w5laxegMgkjpS20IM1ATQFIXDqt3r0jOU4jsOnbzUMZ/sH82FyG\nWYY+nGpXog0BeaL07JS9N1cCAwEAAQ==\n-----END PUBLIC KEY-----\n", "EU-1/v1": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqtnxZVNB4JddabltcdZ4\nh3MaqncLlT9+4HITJ45G51nv0rSl02DY1YkZCvVDdRVWEY1KLKwIEmXs1gigO8df\n6gwvVrixuLnXV8C3fzcOkK/f3CDZCT349rGhku708qkizUedwrgkGWOqk9WsM7wO\nTgQ9oYxEZl0Z3Bxs9Ht3E59sM691KaalVT87NPOk22nxZBng2EfcnLLmqvm1nAeS\n0fJ5ktoqjIyyTeial1LRZK96iWEZuUXZj72pzfg2kKVzLa0/5crlimXQVmW5cUqe\ni5u0c0qotLkXc2s/ait4y1SHF3+k4Q+ht4s+ziU1jgqoRx+oaY2pTNSsVGWHgenW\nSPeYKRRv3s5iTkdvl6xJ68Ip3EktB53Vw7OJWaIagqGD6Jv+5YMUUFNbt4e9alW1\nsHS1ZfKuphHk4RiH1lVcpJmzlM3XZyh1XtinxDwgH0d3kKyW7mPkmfsaKdgS8ui6\nj5WNqieJWg/Q5ZtBMxzm3wpNjYhgd352EV2BvUiCQ+EhpTw2uU7b9wrIPSM0Y25E\nU/jkIJq+o+gRAUtngM9/fkVDOGqKgzoYOGX7yezKN/6ONsrCAHOI3VZu7YSaAlJN\ncaDdLeevrZIw3oSaibGchXsk6PFJqVG6d7HSej7vv++O47PgwkLyepSHYT0SV+3q\nSWoRysQy6JfMFiy9sF4iKCMCAwEAAQ==\n-----END PUBLIC KEY-----\n"}

osquery> SELECT * FROM kolide_jwt WHERE path = '/Users/micahsorenson/Downloads/data.zta';
{"time":"2024-05-31T00:12:21.007322Z","level":"INFO","msg":"err","launcher_run_id":"01HZ5ZTW1R2778B9Q5JY1PKJW8","table":"kolide_jwt","!BADKEY":"token is unverifiable: error while executing keyfunc: no key id matched the JWT header key id"}
time=2024-05-31T00:12:21.007Z level=INFO source=/Users/micahsorenson/launcher/ee/tables/jwt/table.go:78 msg=err launcher_run_id=01HZ5ZTW1R2778B9Q5JY1PKJW8 table=kolide_jwt !BADKEY="token is unverifiable: error while executing keyfunc: no key id matched the JWT header key id"
      fullkey = verified
       parent =
          key = verified
        value = UNKNOWN
        query = *
         path = /Users/micahsorenson/Downloads/data.zta
signature_key =
```